p6taa7fq.dreamwp.com Open in urlscan Pro
176.74.24.122 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://email.y.kajabimail.net/c/eJxskMGO0zAQhp8mvqCt7LHjsQ8-gKASFy77ANEknlJDE3ttF1SeHm0b4MDeRt8_80nzUynTRiuH7_SN5vTUeq58qnnr7a...
Effective URL:
https://p6taa7fq.dreamwp.com/SN20/
Submission: On January 12 via automatic, source phishtank (January 12th 2024, 10:35:19 pm UTC) — Scanned from DE

Summary HTTP 45 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 13 domains to perform 45 HTTP transactions. The main IP is 176.74.24.122, located in London, United Kingdom and belongs to DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU. The main domain is p6taa7fq.dreamwp.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 11th 2024. Valid for: a year.

This is the only time p6taa7fq.dreamwp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BankID (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.102.239.211 34.102.239.211	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
22	176.74.24.122 176.74.24.122	38719 (DREAMSCAP...) (DREAMSCAPE-AS-AP Dreamscape Networks Limited)
5	178.63.219.113 178.63.219.113	24940 (HETZNER-AS) (HETZNER-AS)
2	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1a32	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
2 6	216.58.206.38 216.58.206.38	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
4	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2 2	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2 2	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
45	13

1 34.102.239.211 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 211.239.102.34.bc.googleusercontent.com

email.y.kajabimail.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 176.74.24.122 (London, United Kingdom)

ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
PTR: ipb04a187a.ipv4.lon01.ds.network

p6taa7fq.dreamwp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 178.63.219.113 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: service.giosg.com

service.giosg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1a32 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.mouseflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.58.206.38 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lhr35s10-in-f6.1e100.net

6522680.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	dreamwp.com p6taa7fq.dreamwp.com	648 KB
8	doubleclick.net 4 redirects 6522680.fls.doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 68	4 KB
5	giosg.com service.giosg.com — Cisco Umbrella Rank: 131726	171 KB
4	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 173	40 KB
4	google.com 3 redirects adservice.google.com — Cisco Umbrella Rank: 189 www.google.com — Cisco Umbrella Rank: 6	3 KB
3	google.de 1 redirects adservice.google.de — Cisco Umbrella Rank: 9341 www.google.de — Cisco Umbrella Rank: 4002	1 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	94 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 115	1 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 4303	7 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 438	9 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 101
1	mouseflow.com cdn.mouseflow.com — Cisco Umbrella Rank: 10750
1	kajabimail.net 1 redirects email.y.kajabimail.net	162 B
45	13

	Domain	Requested by
22	p6taa7fq.dreamwp.com	p6taa7fq.dreamwp.com
6	6522680.fls.doubleclick.net	2 redirects p6taa7fq.dreamwp.com 6522680.fls.doubleclick.net adservice.google.com
5	service.giosg.com	p6taa7fq.dreamwp.com service.giosg.com
4	www.googleadservices.com	6522680.fls.doubleclick.net www.googleadservices.com
2	www.google.de	6522680.fls.doubleclick.net
2	www.google.com	2 redirects
2	googleads.g.doubleclick.net	2 redirects
2	adservice.google.com	1 redirects 6522680.fls.doubleclick.net
2	www.googletagmanager.com	p6taa7fq.dreamwp.com
1	adservice.google.de	1 redirects
1	fonts.googleapis.com	p6taa7fq.dreamwp.com
1	stackpath.bootstrapcdn.com	p6taa7fq.dreamwp.com
1	cdn.jsdelivr.net	p6taa7fq.dreamwp.com
1	www.google-analytics.com	p6taa7fq.dreamwp.com
1	cdn.mouseflow.com	p6taa7fq.dreamwp.com
1	email.y.kajabimail.net	1 redirects
45	16

This site contains no links.

Subject Issuer	Validity	Valid
*.dreamwp.com Sectigo RSA Domain Validation Secure Server CA	`2024-01-11` - `2025-02-10`	a year	crt.sh
*.giosg.com Starfield Secure Certificate Authority - G2	`2023-07-26` - `2024-08-26`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
cdn.mouseflow.com Cloudflare Inc ECC CA-3	`2023-10-25` - `2024-10-23`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
bootstrapcdn.com GTS CA 1P5	`2023-11-30` - `2024-02-28`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://p6taa7fq.dreamwp.com/SN20/
Frame ID: 54361FCC014272B0EB92950A998F95B8
Requests: 21 HTTP requests in this frame

Frame: https://p6taa7fq.dreamwp.com/SN20/id.html
Frame ID: 8847E74EDB8C06533AFC6A7A33CBABD2
Requests: 13 HTTP requests in this frame

Frame: https://6522680.fls.doubleclick.net/activityi;dc_pre=CP64trn02IMDFV3AOwIdy4sCrA;src=6522680;type=s360_001;cat=s360_0;ord=1;num=5035180122919;auiddc=1853619772.1697328433;gtm=45He3an0;epver=2;~oref=https%3A%2F%2Fwww.santanderconsumer.no%2Fsignering%2Flogin
Frame ID: 1EA9A2869AC2B336FEE280D8F6284A57
Requests: 1 HTTP requests in this frame

Frame: https://6522680.fls.doubleclick.net/activityi;dc_pre=CIO2trn02IMDFUXMOwIduYMEyw;src=6522680;type=s360_002;cat=s360_0;ord=1;num=8301488084670;auiddc=1853619772.1697328433;u1=https%3A%2F%2Fwww.santanderconsumer.no%2Fsignering%2Flogin;gtm=45He3an0;epver=2;~oref=https%3A%2F%2Fwww.santanderconsumer.no%2Fsignering%2Flogin
Frame ID: 65079C042540AE64165061DE0711C158
Requests: 1 HTTP requests in this frame

Frame: https://6522680.fls.doubleclick.net/ddm/fls/r/dc_pre=CIO2trn02IMDFUXMOwIduYMEyw;src=6522680;type=s360_002;cat=s360_0;ord=1;num=8301488084670;auiddc=1853619772.1697328433;u1=https%3A%2F%2Fwww.santanderconsumer.no%2Fsignering%2Flogin;gtm=45He3an0;epver=2;~oref=https%3A%2F%2Fwww.santanderconsumer.no%2Fsignering%2Flogin
Frame ID: FD8E8952DC4473D4A07878F4C841243F
Requests: 4 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CP64trn02IMDFV3AOwIdy4sCrA;src=6522680;type=s360_001;cat=s360_0;ord=1;num=5035180122919;auiddc=1853619772.1697328433;gtm=45He3an0;epver=2;~oref=https%3A%2F%2Fwww.santanderconsumer.no%2Fsignering%2Flogin
Frame ID: 9E9FE624C73D9787669A8447E6BFB671
Requests: 1 HTTP requests in this frame

Frame: https://6522680.fls.doubleclick.net/ddm/fls/r/dc_pre=CP64trn02IMDFV3AOwIdy4sCrA;src=6522680;type=s360_001;cat=s360_0;ord=1;num=5035180122919;auiddc=1853619772.1697328433;gtm=45He3an0;epver=2;~oref=https%3A%2F%2Fwww.santanderconsumer.no%2Fsignering%2Flogin
Frame ID: 19D58B4AD68330A885A8CA74E5BDC0BB
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Signering av låne- og leasingdokumenter | Santander Consumer Bank

Page URL History Show full URLs

https://email.y.kajabimail.net/c/eJxskMGO0zAQhp8mvqCt7LHjsQ8-gKASFy77ANEknlJDE3ttF1SeHm0b4MDeRt8_80nzUynTRi... HTTP 302
https://p6taa7fq.dreamwp.com/SN20/ Page URL